2c68ffdf30
When a Promise-Reject handler throws an unhandled exception, we should use that promise's context for reporting the exception to the runtime. This avoids a null-pointer deref. Fixed: chromium:1263994 Change-Id: I3792a1884af4a83991249d612caf15588ea77dad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3250912 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Auto-Submit: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Yang Guo <yangguo@chromium.org> Cr-Commit-Position: refs/heads/main@{#77652}
19 lines
626 B
JavaScript
19 lines
626 B
JavaScript
// Copyright 2021 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
function main() {
|
|
// This isn't really a Wasm-related test (so doesn't belong in regress/wasm/),
|
|
// but it does use WebAssembly.instantiate to trigger the original issue.
|
|
if (typeof WebAssembly === 'undefined') return;
|
|
|
|
Object.defineProperty(Promise, Symbol.species, {
|
|
value: function (f) {
|
|
f(() => { throw 111}, () => { throw 222});
|
|
}
|
|
});
|
|
const promise = WebAssembly.instantiate(new ArrayBuffer(0x10));
|
|
promise.then();
|
|
}
|
|
main();
|